Anomaly Detection in Cloud Environments

Cloud environments combine unique operational characteristics and intrinsic capabilities such as service transparency and elasticity. Owing to these exclusive properties, which are outcomes of their virtualized nature, these environments are prone to a number of security threats arising from either malicious or legitimate intent. Because the off-the-shelf, signature-based commercial detection solutions employed in various infrastructures offer only minimal proactive properties, cloud-specific Intrusion Detection System (IDS) methodologies based on Anomaly Detection (AD) have been proposed to enable accurate identification, detection, and clustering of the anomalous events that could manifest. In this chapter the authors first provide an overview of the state of the art in cloud-based AD mechanisms and pinpoint their basic functionalities. They subsequently provide insight into, and report some results derived from, a particular methodology that jointly considers cloud-specific properties and relies on the Empirical Mode Decomposition (EMD) algorithm.
